Fixes CVE-2014-9680 - A user with sudo access may be able to exploit
parsing bugs in the time zone parsing functions of the system's C
library functions. The user may also be able to read arbitrary files,
potentially causing changes in system behavior when reading certain
device special files or simply causing the program run via sudo to
block.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Just like we're passing --with-libpthread-prefix, we also need to pass
--with-librt-prefix in order to avoid having the gnutls build system
detect the librt in /usr/lib, and pass -L/usr/lib to the linker flags.
Fixes:
http://autobuild.buildroot.org/results/fa5/fa58602cb78ffe3ae4ee389ef5cf5a37b7657c4c/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes http://autobuild.buildroot.net/results/92c/92c3fb4ddb934115b228652bb8c972bb7459bb40/
While the -fuse-ld=gold flag is related to linking, it is an argument to the
compiler driver to tell it what linker to execute, NOT an option to tell the
linker to behave differently.
So it shouldn't get prefixed with -Wl when passed though the compiler driver.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-0255 - Information leak in the XkbSetGeometry request of X servers
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libsepol use the same build system than libselinux,
so it's affected by the same issue.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
mplayer fails to compile with the following error message:
libmpdemux/demux_gif.c: In function 'demux_open_gif':
libmpdemux/demux_gif.c:260:3: error: too few arguments to function
'DGifOpen'
gif = DGifOpen(demuxer->stream, my_read_gif);
Backport an upstream patch to support newer versions of libgif in
mplayer. Unfortunately this patch is incomplete and mplayer stills
failing to compile with a new error message:
libvo/vo_gif89a.c: In function 'uninit':
libvo/vo_gif89a.c:374:3: error: too few arguments to function
'EGifCloseFile'
EGifCloseFile(new_gif); // also frees gif storage space.
So I have written a new patch and submitted it upstream to finally fix
the problem.
Upstream commit:
a0ddaef545
New submitted patch:
https://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2015-February/072848.html
Fixes:
http://autobuild.buildroot.net/results/a51/a510a0ab2cb827bb91b4fdec43055f2bfda239b1/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Like for lingcrypt and openssl, help the configure script to find
zlib installed in STAGING_DIR.
Otherwise, It might find the one installed on the host:
checking how to link with libz... /usr/lib/libz.so -Wl,-rpath -Wl,/usr/lib
Fixes:
http://autobuild.buildroot.net/results/93b/93b43e114f21a22f0f8b7d7dd6774c089c426cd1
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The sha1 used for the DT enabled kernel is no longer available
(presumably, the rpi-3.18.y branch was rebased recently.) This updates
it to the lastest sha1 in the rpi-3.18.y branch.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Backport a patch from Fedora
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Backport a patch from Fedora
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Updated text to say that the defconfig is written to the BR2_DEFCONFIG
location.
Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Add a patch to fix qt5connectivity for big endian platforms.
Building qtconnectivity fails for big endian platforms because the
bswap_16 function is not declared. This is the error message:
In file included from bluez/hcimanager_p.h:52:0,
from bluez/hcimanager.cpp:35:
./bluez/bluez_data_p.h: In function 'quint16 bt_get_le16(const void*)':
./bluez/bluez_data_p.h:172:60: error: 'bswap_16' was not declared in
this scope
return bswap_16(bt_get_unaligned((const quint16 *) ptr));
bswap_16 is defined in byteswap.h so we can include this file in order
to fix this problem.
This patch has been submitted upstream:
https://bugreports.qt.io/browse/QTBUG-44421
Fixes:
http://autobuild.buildroot.net/results/5b8/5b85c6819f94988abd8abfcdaad6226ceb2d790a/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit adds a patch to python3 that makes sure it does not use an
invalid header path (pointing to host headers) when including ncursesw
support.
Fixes:
http://autobuild.buildroot.org/results/9bd/9bdaa392e8dd00c6ebee156b758e3c0cac480237/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash
CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed
Drop a patch applied upstream, along with its accompanied AUTORECONF.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If the pcre package is build before erlang, the erlang's build
system use pcre.h from pcre package instead of using pcre.h bundled
by Erlang.
Erlang use an old version of this file which is incompatible
with the upstream one.
http://autobuild.buildroot.net/results/cbd/cbd8b54eef535f19d7d400fd269af1b3571d6143/build-end.log
And many more.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Backport an upstream patch to make it compile with no-opengl. Otherwise
it will fail showing an error message like this one:
qpaintervideosurface.cpp:99:47: error: 'QOpenGLContext' has not been
declared
Upstream commit:
2b181d5469
Fixes:
http://autobuild.buildroot.net/results/b77/b77cdf9b1cf6cafd5afef7337553bb32489207e5/
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
In 349c9c7 (package/util-linux: add more tool select options), the
util-linux' wdctl option was renamed, but a entry in the legacy menu was
no added.
Add this now.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also reformat the comment lines and fix the comment.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also add a comment for cwiid itself.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also removed the redundant indirect dependencies on wchar, threads, mmu
(gstreamer depends on libglib2 so this indirect dependency is obvious).
[Peter: drop wchar+threads from comment as suggested by Jerzy Grzegorek]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Also removed the redundant indirect dependencies on wchar, threads, mmu
(gstreamer depends on libglib2 so this indirect dependency is obvious).
[Peter: drop wchar+threads from comment as suggested by Jerzy Grzegorek]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>